Update packages for CVE-2022-24407

.github/workflows/ci.yml

@@ -189,8 +189,7 @@ jobs:
         continue-on-error: true
         with:
           image-ref: nginx/nginx-ingress-operator:${{ steps.meta.outputs.version }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
+          format: 'sarif'
           output: 'trivy-results.sarif'
           ignore-unfixed: 'true'
       - name: Upload Trivy scan results to GitHub Security tab

Dockerfile

@@ -19,6 +19,8 @@ COPY controllers/ controllers/
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-s -w -X main.version=${VERSION}" -a -o manager main.go
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as base
+# temporary fix for CVE-2022-24407
+RUN microdnf --nodocs upgrade -y cyrus-sasl-lib
 ARG VERSION
 WORKDIR /
 COPY config/crd/kic ./config/crd/kic

Makefile

@@ -118,7 +118,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 
 .PHONY: docker-build
 docker-build: test ## Build docker image with the manager.
-	docker build -t ${IMG} -f ${DOCKERFILE} . --build-arg VERSION=${VERSION} --target local
+	docker build -t ${IMG} . --build-arg VERSION=${VERSION} --target local
 
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.